Makes custom queries available through the REST API (#5737).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6186 e93f8b46-1217-0410-a6f0-8f06a7374b81

1 files changed, 11 insertions, 1 deletions

diff --git a/app/models/query.rb b/app/models/query.rb
index 786751c8c..a6fbe9b94 100644
--- a/app/models/query.rb
+++ b/app/models/query.rb
@@ -146,6 +146,16 @@ class Query < ActiveRecord::Base
   ]
   cattr_reader :available_columns
 
+  named_scope :visible, lambda {|*args|
+    user = args.shift || User.current
+    base = Project.allowed_to_condition(user, :view_issues, *args)
+    user_id = user.logged? ? user.id : 0
+    {
+      :conditions => ["(#{table_name}.project_id IS NULL OR (#{base})) AND (#{table_name}.is_public = ? OR #{table_name}.user_id = ?)", true, user_id],
+      :include => :project
+    }
+  }
+  
   def initialize(attributes = nil)
     super attributes
     self.filters ||= { 'status_id' => {:operator => "o", :values => [""]} }
@@ -168,7 +178,7 @@ class Query < ActiveRecord::Base
   
   # Returns true if the query is visible to +user+ or the current user.
   def visible?(user=User.current)
-    self.is_public? || self.user_id == user.id
+    (project.nil? || user.allowed_to?(:view_issues, project)) && (self.is_public? || self.user_id == user.id)
   end
 
   def editable_by?(user)